Enable systemd-journald Service

Description

The systemd-journald service is an essential component of systemd.

The systemd-journald service can be enabled with the following command:

$ sudo systemctl enable systemd-journald.service

Rationale

In the event of a system failure, Ubuntu 22.04 must preserve any information necessary to determine cause of failure and any information necessary to return to operations with least disruption to system processes.

Remediation

Shell script

The following script can be run on the host to remediate the issue.

#!/bin/bash

# Remediation is applicable only in certain platforms
if [ ! -f /.dockerenv ] && [ ! -f /run/.containerenv ]; then

SYSTEMCTL_EXEC='/usr/bin/systemctl'
"$SYSTEMCTL_EXEC" unmask 'systemd-journald.service'
"$SYSTEMCTL_EXEC" start 'systemd-journald.service'
"$SYSTEMCTL_EXEC" enable 'systemd-journald.service'

else
    >&2 echo 'Remediation is not applicable, nothing was done'
fi

Ansible playbook

The following playbook can be run with Ansible to remediate the issue.

- name: Enable systemd-journald Service - Enable service systemd-journald
  block:

  - name: Gather the package facts
    package_facts:
      manager: auto

  - name: Enable systemd-journald Service - Enable Service systemd-journald
    ansible.builtin.systemd:
      name: systemd-journald
      enabled: true
      state: started
      masked: false
    when:
    - '"systemd" in ansible_facts.packages'
  when: ansible_virtualization_type not in ["docker", "lxc", "openvz", "podman", "container"]
  tags:
  - NIST-800-53-SC-24
  - enable_strategy
  - low_complexity
  - low_disruption
  - medium_severity
  - no_reboot_needed
  - service_systemd-journald_enabled